1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Commit Graph

23228 Commits

Author SHA1 Message Date
Nikola Pajkovsky
3ffed80eba hlsenc: expand hls_fmp4_init_filename with strftime()
the init.mp4 can be expanded with strftime the same way as
hls_segment_filename.

Signed-off-by: Nikola Pajkovsky <nikola@pajkovsky.cz>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
2020-12-08 21:02:23 +08:00
Vignesh Ravichandran
45a673ebee avformat/hls: Fixes overwriting existing #EXT-X-PROGRAM-DATE-TIME value in HLS playlist
fix ticket: 8989

This is is due to the following behavior in the current code:
1. The initial_prog_date_time gets set to the current local time
2. The existing playlist (.m3u8) file gets parsed and the segments
   present are added to the variant stream
3. The new segment is created and added
4. The existing segments and the new segment are written to the
   playlist file. The initial_prog_date_time from point 1 is used
   for calculating "#EXT-X-PROGRAM-DATE-TIME" for the segments,
   which results in incorrect "#EXT-X-PROGRAM-DATE-TIME" values
   for existing segments
The following approach fixes this bug:
1. Add a new variable "discont_program_date_time" of type double
   to HLSSegment struct
2. Store the "EXT-X-PROGRAM-DATE-TIME" value from the existing
   segments in this variable
3. When writing to playlist file if "discont_program_date_time"
   is set, then use that value for "EXT-X-PROGRAM-DATE-TIME" else
   use the value present in vs->initial_prog_date_time

Signed-off-by: Vignesh Ravichandran <vignesh.ravichandran02@gmail.com>
Signed-off-by: liuqi05 <liuqi05@kuaishou.com>
2020-12-08 20:57:24 +08:00
Jan Ekström
95fd790c14 avformat/tee: allow packets with negative timestamps
As this is a meta muxer and the same flag is set with the fifo
meta muxer, there is really no reason not to have this set here
as well.

Signed-off-by: Jan Ekström <jan.ekstrom@24i.com>
2020-12-07 13:34:06 +02:00
Michael Niedermayer
65b8974d54 avformat/dsfdec: Check block_align more completely
Fixes: infinite loop
Fixes: 26865/clusterfuzz-testcase-minimized-ffmpeg_dem_DSF_fuzzer-5649473830912000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-06 21:00:03 +01:00
Michael Niedermayer
76b6c46a81 avformat/av1dec: check size before addition in probing
Fixes: signed integer overflow: 175 + 2147483571 cannot be represented in type 'int'
Fixes: 26833/clusterfuzz-testcase-minimized-ffmpeg_dem_IMAGE2_fuzzer-5969501214212096

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-06 21:00:03 +01:00
Michael Niedermayer
47c146a56b avformat/realtextdec: read_ts() in 64bits
Fixes: signed integer overflow: 46671062 * 100 cannot be represented in type 'int'
Fixes: 26826/clusterfuzz-testcase-minimized-ffmpeg_dem_REALTEXT_fuzzer-5644062910316544

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-06 21:00:03 +01:00
Marton Balint
76fbb0052d avformat/dv: fix timestamps of audio packets in case of dropped corrupt audio frames
By using the frame counter (and the video time base) for audio pts we lose some
timestamp precision but we ensure that video and audio coming from the same DV
frame are always in sync.

This patch also makes timestamps after seek consistent and it should also fix
the timestamps when the audio clock is unlocked and have a completely
indpendent clock source. (E.g. runs on fixed 48009 Hz which should have been
exact 48000 Hz)

Fixes out of sync timestamps in ticket #8762.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-12-06 18:09:24 +01:00
Peter Ross
2aab42bc40 avformat/mspdec: Microsoft Paint (MSP) demuxer
Signed-off-by: Peter Ross <pross@xvid.org>
2020-12-06 20:03:47 +11:00
Thierry Foucu
4d97acfe33 libavformat/mov.c: export vendor id as metadata 2020-12-05 10:16:51 +05:30
Limin Wang
95d12da559 avformat/rtsp: prefer to use MAX_URL_SIZE for url and command buffer
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-12-05 09:00:53 +08:00
Michael Niedermayer
4f66dd13d0 avformat/mpc8: Check remaining space in mpc8_parse_seektable()
Fixes: Fixes infinite loop
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
72ca9f38e4 avformat/wavdec: Check for EOF in cues reading
Fixes: Timeout (>20sec -> 1ms)
Fixes: 26793/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-5674966852567040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
a834af133b avformat/vqf: Check len for COMM chunks
Fixes: Infinite loop
Fixes: 26696/clusterfuzz-testcase-minimized-ffmpeg_dem_VQF_fuzzer-5648269168082944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
c34004d82f avformat/mov: Use av_sat_add64() in mov_read_sidx()
This avoids a potential integer overflow, no testcase is known

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
7d75ecf8d2 avformat/mov: Avoid overflow in end computation in mov_read_custom()
Fixes: signed integer overflow: 18 + 9223372036854775799 cannot be represented in type 'long'
Fixes: 26731/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5696846019952640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
d7f87a4b9e avformat/id3v2: Sanity check tlen before alloc and uncompress
Fixes: Timeout (>20sec -> 65ms)
Fixes: 26896/clusterfuzz-testcase-minimized-ffmpeg_dem_DAUD_fuzzer-5691024049176576
Fixes: 27627/clusterfuzz-testcase-minimized-ffmpeg_dem_AEA_fuzzer-4907019324358656

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-12-05 00:08:33 +01:00
Michael Niedermayer
9dc3301745 avformat/cafdec: Check the return code from av_add_index_entry()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-29 16:10:56 +01:00
Michael Niedermayer
eb46939e3a avformat/cafdec: Check for EOF in index read loop
Fixes: OOM
Fixes: 27398/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-541296033975500

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-29 16:10:55 +01:00
Michael Niedermayer
5eed718087 avformat/cafdec: Check that bytes_per_packet and frames_per_packet are non negative
These fields are not signed in the spec (1.0) so they cannot be negative
Changing bytes_per_packet to unsigned would not solve this as it is exported
as block_align which is signed

Fixes: Infinite loop
Fixes: 26492/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-5632087614554112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-29 16:10:55 +01:00
Michael Niedermayer
4bdb7966fa avformat/mpegts: Limit iterations of get_packet_size()
This is a pathological case where the fuzzer provides only 2 bytes per iteration.

Fixes: Timeout (>30 -> 0.9sec)
Fixes: 26488/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-5911031077142528

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-29 16:10:55 +01:00
Andriy Gelman
f3891430fc avformat/rtspdec: fix potential mem leak in listen mode
Currently a repeating setup request (with the same stream id) will
simply overwrite rtp_handle/transport_priv without freeing the
resources first. This is fixed by closing the previous setup request.

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-28 12:27:53 -05:00
Andriy Gelman
b0019b909b avformat/rtspdec: show method request in log
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-28 12:26:59 -05:00
Michael Niedermayer
0897402ac8 avformat/mpc8: correct integer overflow in mpc8_parse_seektable()
Fixes: signed integer overflow: -4683718486770919638 * 2 cannot be represented in type 'long'
Fixes: 26704/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6327056939614208
Fixes: 27550/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-6259212652642304

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-27 00:25:42 +01:00
Michael Niedermayer
ad3e495657 avformat/mpc8: correct 32bit timestamp truncation
Fixes: left shift of 65536 by 15 places cannot be represented in type 'int'
Fixes: 26801/clusterfuzz-testcase-minimized-ffmpeg_dem_MPC8_fuzzer-5164313092030464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-27 00:25:42 +01:00
Michael Niedermayer
3b8a263c4f avformat/mov: Fix memleak in dref reading
Fixes: leak in mov_read_dref()
Fixes: 26698/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5638785444085760
Fixes: 27554/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6256643054239744

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-27 00:25:42 +01:00
Andreas Rheinhardt
029cf6a91c avformat/flacenc: Fix memleak when writing attached pictures fails
The FLAC muxer currently stores an attached picture corresponding to an
AVStream in AVStream.priv_data. The AVPacket contained therein is
unreferenced after it has been written. The AVPacket structure itself is
then freed generically as AVStream.priv_data.

And this can lead to memleaks if an attached picture is not written:
It might be because the trailer is never written or because writing
a previous attached picture failed in case error_recognition is set
to explode.

Therefore free the packets properly (i.e. with av_packet_free())
in the muxer's deinit function.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-26 13:32:30 +01:00
Jan Ekström
4688017d9a avformat/av1: add support for passing through MP4/Matroska av1c 2020-11-24 10:13:55 +02:00
Michael Niedermayer
1278f117d7 avformat/avs: Use 64bit for the avio_tell() output
Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
Fixes: 26549/clusterfuzz-testcase-minimized-ffmpeg_dem_AVS_fuzzer-4844306424397824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-22 17:45:17 +01:00
Michael Niedermayer
40348637be avformat/moflex: Check pkt_size
Fixes: Timeout (>20sec -> 1ms)
Fixes: 26527/clusterfuzz-testcase-minimized-ffmpeg_dem_MOFLEX_fuzzer-6308307310215168

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-22 17:45:17 +01:00
Leo Izen
f5dcaf2daa avformat/movenc: allow Apple Lossless inside mp4
The 'alac' identifier has been registered to ISO and thus towards
ISOBMFF at the MP4 registration authority. The existing non-MOV
mux mode matches the official ALAC-in-MP4 specification.
2020-11-22 14:28:31 +02:00
Michael Niedermayer
a207df2acb avformat/wavdec: More complete size check in find_guid()
Fixes: signed integer overflow: 9223372036854775807 + 8 cannot be represented in type 'long'
Fixes: 27341/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5442833206738944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-21 22:09:51 +01:00
Michael Niedermayer
8b50e8bc29 avformat/iff: Check size before skip
Fixes: Infinite loop
Fixes: 27292/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-5731168991051776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-21 22:09:51 +01:00
Michael Niedermayer
ebf4bc629e avformat/rmdec: Check for EOF in index packet reading
Fixes: Timeout(>10sec -> 1ms)
Fixes: 27284/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6304211110985728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2020-11-21 22:09:51 +01:00
Andriy Gelman
4fe9e2fc16 avformat/rtsp: don't forget to call ff_network_close() on error
In sdp_read_header() some ff_network_close() calls were missed.

Also in rtp_read_header() update comment to explain why a single
call to ff_network_close() is enough to cover all cases even if
sdp_read_header() returns an error.

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-21 10:15:52 -05:00
Andriy Gelman
78537aa52f avformat/rtsp: set return variable in error path
In this error path ret still stores the number of bytes read in
ffurl_read().

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-21 10:15:46 -05:00
Andriy Gelman
9a70b6f5b8 avformat/rtspdec: cosmetics
Make error check style consistent with rest of function.

Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-21 10:13:36 -05:00
Andriy Gelman
122fcf1f40 avformat/rtspdec: fix mem leaks in connect mode if init fails
Fixes #6334

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-21 10:13:28 -05:00
Andriy Gelman
38bc4ba142 avformat/rtspdec: fix mem leaks in listen mode if init fails
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-21 10:13:16 -05:00
Andriy Gelman
423d06e0e2 avformat/rtspdec: add network init to listen mode
As per the docs network initialization is required before ff_url_join().
Furthermore, because the ff_network_init() was skipped, this makes
one additional call to ff_network_close() if the stream exits without
errors.

The was forgotten in the origin commit of the listen mode:
a8ad6ffafe

Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
2020-11-21 10:11:38 -05:00
Steve Lhomme
5bd870a212 avformat/matroskadec: only use the track duration if it exists
No need to multiplying/dividing when we know it's zero.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2020-11-20 15:20:24 +01:00
Steve Lhomme
3a2b786db0 avformat/matroskadec: adjust the cluster time to the track timebase
The Block timestamp read in matroska_parse_block() is in track timebase and is
passed on as such to the AVPacket which uses this timebase.

In the normal case the Cluster and Track timebases are the same because the
track->time_scale is 1.0. But when it is not the case, the values in Cluster
timebase need to be transformed in Track timebase so they can be added
together.

Signed-off-by: Anton Khirnov <anton@khirnov.net>
2020-11-20 15:20:24 +01:00
Steve Lhomme
b00d2210e4 avformat/matroskadec: add a warning when the track TimestampScale won't be used
Signed-off-by: Anton Khirnov <anton@khirnov.net>
2020-11-20 15:20:24 +01:00
Martin Storsjö
104e5233f0 http: Check for AVERROR_EOF in the check for premature end
When the check was added (in 3668701f96, in 2015), some IO
functions returned 0 on EOF (in particular, the TCP protocol
did, but the TLS protocol returned AVERROR_EOF). Since
0e1f771d22 in 2017, the TCP protocol also returns AVERROR_EOF
instead of 0, making the check for premature end never have the
intended effect.

Signed-off-by: Martin Storsjö <martin@martin.st>
2020-11-20 10:37:24 +02:00
Marton Balint
bf19833ae2 avformat/mpegts: make sure mpegts_read_header always stops at the first pmt
mpegts_read_header stops parsing the file at the first PMT. However the check
that ensured this was wrong because streams can also be added before the first
PMT is received (e.g. EIT).

So let's make sure we are in the header reading phase by checking if ts->pkt is
unset instead of checking if the number of streams found so far is 0.

Signed-off-by: Marton Balint <cus@passwd.hu>
2020-11-19 21:22:07 +01:00
Limin Wang
3871326910 avformat/dvenc: check the format before vst and ast[i] are initialized
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-19 22:39:30 +08:00
Limin Wang
da0faf10a3 avformat/dvenc: s->streams[i] -> st
Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
2020-11-19 22:39:30 +08:00
Andreas Rheinhardt
96443ab4b0 avformat/asfdec_o: Remove code duplication
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-15 18:20:59 +01:00
Andreas Rheinhardt
33870a6aa7 avformat/asfdec_o: Don't reset twice
A variable has been assigned a value twice consecutively; essentially
the same happens when one performs av_init_packet on an AVPacket after
a call to av_packet_unref.

Found via PVS-Studio (see ticket #8156).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-15 18:20:59 +01:00
Andreas Rheinhardt
bf4909f0a3 avformat/asfdec_o: Export metadata that applies to the whole file
The ASF specification of Metadata Objects' stream number is as follows:

"Specifies whether the entry applies to a specific digital media stream
or whether it applies to the whole file. A value of 0 in this field
indicates that it applies to the whole file; otherwise, the entry
applies only to the indicated stream number and must be between 1 and
127."

Yet the asf_o demuxer (the one originating from Libav) has always
treated such metadata as if it applied to a stream even though no stream
with a stream number may exist in a valid ASF file. This is fixed in
this commit; it affected e.g. the file
wma_with_metadata_library_object_tag_trimmed.wma from the FATE suite.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-15 18:20:54 +01:00
Andreas Rheinhardt
e83f27a21a avformat/asfdec_o: Don't segfault with lots of attached pics
The ASF file format has a limit of 127 streams and the "asf_o" demuxer
(the ASF demuxer from Libav) has an array of pointers for a structure
called ASFStream that is allocated on demand for every stream. Attached
pictures are not streams in the sense of the ASF specification, yet the
demuxer created an ASFStream for them; and in one codepath it also
forgot to check whether the array of ASFStreams is already full. The
result is a write beyond the end of the array and a segfault lateron.

Fixing this is easy: Don't create ASFStreams for attached picture
streams.

(Other results of the current state of affairs are unnecessary allocations
(of ASFStreams structures), the misparsing of valid files (there might not
be enough ASFStreams left for the valid streams if attached pictures take
up too many); furthermore, the ASFStreams created for attached pictures all
have the stream number 0, an invalid stream number (the valid range is
1-127). This means that invalid data (packets for a stream with stream
number 0) won't get rejected lateron.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-11-15 18:17:36 +01:00